VPN (VirtualPrivateNetwork) is an extension of the private network. You can simulate a point-to-point dedicated connection through a shared Internet or public network connection to send data between a local computer and a remote computer. It has good confidentiality and is not subject to authorization, so that both parties can freely and securely point to VPN (Virtual Private Network) is an extension of the Private Network. You can simulate a point-to-point dedicated connection through a shared Internet or public network connection to send data between a local computer and a remote computer. It has good confidentiality and is not subject to authorization, so that both parties can establish a free and secure point-to-point connection.
The following describes how to quickly build a VPN server.
Install software
1. PPP installation
Install PPP (Point-to-Point Protocol) version 2.4.2 or later.
The installation command is as follows:
# Rpm-Uvh ppp-2.4.3-0.cvs_20040527.1.i386.rpm
2. kernel MPPE patch installation
Install the kernel MPPE (Microsoft Point to Point Encryption, Microsoft Point-to-Point Encryption) patch and select the appropriate version based on the kernel. The installation command is as follows:
# Rpm-ivh kernel-mppe-2.4.20-31.9.i686.rpm
Run the following command to check whether the kernel MPPE patch is successfully installed:
# Modprobe ppp-compress-18
3. does PPP support MPPE check?
Run the following command to check whether PPP supports MPPE:
# Strings/usr/sbin/pppd grep-I mppe wc -- lines
If the above command output is "0", it means not supported; if the output is "30" or a larger number, it means support.
4. PPTPD installation
Download and install the pptpd-1.1.4-b4.i386.rpm package.
# Rpm-ivh pptpd-1.1.4-b4.i386.rpm
Modify configuration file
1. modify the modules. conf file
Edit the/etc/modules. conf configuration file and add the following content:
Alias net-pf-47 ip_gre
2. modify the pptpd. conf file
Edit the/etc/pptpd. conf configuration file and add the following content to determine the IP address of the local VPN server and the IP address range allocated after the client logs on.
Debug
Option/etc/ppp/options.ppt pd
Localip 192.168.0.254 # IP address of the local VPN server
Remoteip 192.168.1.1-254 # IP address range allocated by the client
3.modify the options.ppt pd file
Edit the/etc/ppp/options.ppt pd configuration file and replace it with the following content:
Auth
Lock
Debug
Proxyarp
Lock
Name rh9vpn # name of the VPN server
Multilink
Refuse-pap
Refuse-chap
Refuse-mschap
Refuse-eap
Refuse-mschap-v2
Require-mppe
Ms-wins 192.168.1.2 # enter the IP address of the machine you want to see in the network neighbor.
Ms-dns 192.168.1.2 # DNS server address
Dump
Logfile/var/log/pptpd. log # log storage path
4. modify the chap-secrets file
Edit the/etc/chap-secrets configuration file and add the following content:
# Client server secret IP addresses
"Test@www.linuxidc.com" * "test "*
The four items in the second line of code correspond to the four items in the first line. Test@www.linuxidc.com "target =" _ blank ">" test@www.linuxidc.com "is the VPN user name of the Client;" server "corresponds to the name of the VPN server, the name must be the same as that specified in the/etc/ppp/options.ppt pd file, or be set to "*" to automatically identify the server; "secret" corresponds to the login password; "IP addresses" corresponds to the IP address of the client that can be dialed in. if you do not need to make any special restrictions, you can set it.
5. set IP disguised forwarding
Only remote computers connected to the VPN can ping each other after IP disguised forwarding is configured, so as to achieve sharing like a LAN. Run the following command to set the parameters:
# Echo 1>/proc/sys/net/ipv4/ip_forward
You can put this command in the file/etc/rc. d/rc. local to automatically run this command at startup.
6. open the firewall Port
Open port 1723 and Port 47 of the Linux server and enable the GRE protocol.
Now the settings of the Linux server are complete, and the Windows client is used for testing.
Test
The following uses Windows Server 2003 as an example for testing.
1. create a connection
Click Start → Set → network and dial-up connections to open the network and dial-up connections window, and then click new connection to open the network connection wizard window, select or enter "connect to my workplace Network> virtual private network connection> company name (you can enter it as needed)> do not dial the initial connection → IP address (enter the IP address of the VPN server )", click OK to create a new connection.
2. modify connection attributes
Right-click the connection you just created, and click "properties> Network (select TCP/IP protocol)> Properties> Advanced ", remove the check box before "use the default gateway on the remote network" and click "OK ".
3. establish a connection
Double-click the established connection, enter the username and password set in advance, and click OK to connect. If the connection is successful, you can see the IP address allocated to the server and other information in the connection "details. Then, you can communicate with other computers in the connected Lan.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
